root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

MimeTypeUtils uses SecureRandom 

The prevailing current wisdom is to use the default constructor for
secure and let it pick the best algorithm for the OS.

On Java 8 (Oracle), Linux this results in "NativePRNG" which uses
/dev/random (potentially blocking) for the initial seed, and
/dev/urandom (non-blocking) for subsequent calls to nextInt.

Issue: SPR-16635
This commit is contained in:
Rossen Stoyanchev 2018-03-23 21:45:41 -04:00
parent f6ea7407e6
commit ab2410c754
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
spring-core/src/main/java/org/springframework/util/MimeTypeUtils.java
View File

@ -18,6 +18,7 @@ package org.springframework.util;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@ -45,7 +46,7 @@ public abstract class MimeTypeUtils {
'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
'V', 'W', 'X', 'Y', 'Z'};
private static final Random RND = new Random();
private static final Random RND = new SecureRandom();
/**
* Comparator used by {@link #sortBySpecificity(List)}.